DHCP server with link-local address stopped working

[tstarling]

systemd version the issue has been seen with

255.4-1ubuntu8.4

Used distribution

Ubuntu 24.04

Linux kernel version used

6.8.0-41-generic

CPU architectures issue was seen on

x86_64

Component

systemd-networkd

Expected behaviour you didn't see

I am trying to use systemd-nspawn as a local development environment. I want my nspawn container to have access to the internet via NAT and I want it to have a fixed local address that I can use from the host to access the container's services. With the old systemd (Ubuntu 22.04) I did this with nspawn VirtualEthernet=yes and a .network unit file along the lines of

[Match]
Name=ve-mycontainer
Driver=veth

[Network]
Address=169.254.16.1/24
Scope=link
DHCPServer=yes
IPMasquerade=yes
LLDP=yes
EmitLLDP=customer-bridge
LinkLocalAddressing=no

[DHCPServer]
PoolOffset=100
PoolSize=1

When the container comes up, it would get address 169.254.16.100, without any need for configuration inside the container.

Unexpected behaviour you saw

Now after upgrading to Ubuntu 24.04 (systemd 255) and updating the networkd configuration file appropriately, I see

DHCPServer= is enabled, but no suitable static address configured. Disabling DHCP server.

And with ServerAddress set expliclitly in the [DHCPServer] section:

/etc/systemd/network/70-ve-mycontainer.network:32: DHCP server address cannot be a localhost or link-local address, ignoring assignment: 169.254.16.1/24

Reviewing the source, I see that there was bab29f2ab791f1d0b82c883a0f1bfa16112088f3 (Feb 2022) and a0dfce0a3f3cec2db0d10eb13987a363ef4f620f (Sep 2023) which disabled the use of link-local addresses for DHCP. It is unclear to me what this change was in aid of.

I want to use a link-local address for my container because I want it to have a consistent address which does not conflict with addresses used on the LAN. I want to use DHCP to simplify configuration of the container.

Steps to reproduce the problem

No response

Additional program output to the terminal or log subsystem illustrating the issue

No response

[tstarling]

I tried to get this working without DHCP and I hit a couple more bugs. Specifically:

• With scope=link, IPMasquerade is silently ignored, and I found the code for that inside networkd.
• In the container, I get the error "host0: Could not set route: Nexthop has invalid gateway. Network is unreachable". The error occurs when configuring a link-local address as the default gateway -- if I use an RFC 1918 address for this then it works. I think it is probably networkd's fault -- I was able to configure it manually with ip addr and ip route.

You could argue that using a scope=link address as the source for a packet with a routable destination address is inappropriate. But the container is not supposed to know what addresses are present on the remote side of a link. There doesn't seem to be any upstream problem with doing this.

I'm using link-local addresses because I want to be able to connect the host laptop to any wifi network and have the container system keep working. Any RFC 1918 address could be in use by the LAN. What are link-local addresses for if not this?